fix: harden attestation signing fallback

[vicentsmith470-web]

Summary

Fixes #6859 by hardening the attestation-signing follow-ups from the #6839 review.

What changed:

• setup_miner.py now downloads and SHA-256 verifies miners/signing_helpers.py next to the installed miner, so installed Linux/Windows miners can use the shared pipe-message builder instead of always taking the inline fallback.
• The shell installers also download and verify signing_helpers.py via miners/checksums.sha256.
• Linux and Windows miners now log a WARNING if Ed25519 attestation signing fails instead of silently swallowing the exception.
• Added regression coverage for the installed-miner inline fallback path by driving Linux LocalMiner.attest() with _SIGNING_HELPERS=False and asserting the signed bytes match the node verifier reconstruction (miner_id|miner|nonce|commitment).
• Added regression coverage that signing failures emit a warning and fall through unsigned.

Scope notes

• No changes to attestation payload shape, server verification, reward math, enrollment, mining loop, or macOS miner behavior.
• This PR intentionally leaves macOS unsigned-attestation behavior unchanged, matching the informational note in Follow-up to #6839: harden attestation-signing fix (test the fallback, log swallowed errors, Mac coverage) #6859.

Validation

python -m py_compile miners\linux\rustchain_linux_miner.py miners\windows\rustchain_windows_miner.py setup_miner.py tests\test_attestation_signing_6798.py tests\test_setup_miner_downloads.py tests\test_install_miner_checksums.py
python -m pytest -q tests\test_attestation_signing_6798.py tests\test_linux_miner_identity.py tests\test_linux_miner_network_retry.py tests\test_setup_miner_downloads.py tests\test_install_miner_checksums.py
20 passed
git diff --check

Bounty / payout

Wallet: RTCf69dd944558d4e843a4a676495a97638055caea2

[vicentsmith470-web]

Validation update after rebasing on current main and syncing the fetchall baseline line drift:

• python -m pytest -q tests\test_windows_miner_setup_checksum.py tests\test_setup_miner_downloads.py tests\test_install_miner_checksums.py tests\test_attestation_signing_6798.py tests\test_linux_miner_identity.py tests\test_linux_miner_network_retry.py -> 23 passed
• python -m py_compile miners\linux\rustchain_linux_miner.py miners\windows\rustchain_windows_miner.py setup_miner.py tests\test_attestation_signing_6798.py tests\test_setup_miner_downloads.py tests\test_install_miner_checksums.py tests\test_windows_miner_setup_checksum.py -> passed
• git diff --check origin/main -> passed

CI is green on the updated head.

[Scottcjn]

This is a clean, complete follow-up to #6859 — thank you. I verified it addresses all three items:

1. ✅ Distributes signing_helpers.py — both installers download it and SHA-256 verify it against miners/checksums.sha256 (new entry added), and setup_miner.py pins it with a test (test_setup_miner_pins_current_signing_helper_artifact). Installed miners now use the shared pipe-message builder instead of always falling to the inline copy.
2. ✅ Logs on signing failure — the silent except: pass is now logging.warning(...) on both Linux and Windows, so a broken keypair/helper is diagnosable. Bonus: you re-enabled TLS certificate verification (dropping the old verify=False path) — a real security improvement.
3. ✅ Tests the inline fallback — test_linux_miner_inline_fallback_matches_node_verifier exercises the path real installs hit and asserts byte-equality with the node verifier's reconstruction, plus test_linux_miner_warns_when_attestation_signing_fails.

Also verified: the checksum manifest matches the actual miner files (no stale-manifest issue), and it's only 2 commits behind main. The signing algorithm is unchanged from the verified #6839 fix — this is purely the hardening/distribution/logging/test layer — so no fresh crypto review needed.

One thing holding the green check: main itself currently has a red test gate (a stale fetchall-guard baseline — line-number drift, fix in flight at #6870). Once #6870 lands, rebase onto main and your CI should go green, then I'll merge. Solid work. 🦞

[jaxint]

Thanks for the contribution! 🎉

[jaxint]

Great work! 👍

[JesusMP22]

Code Review: Harden attestation signing fallback

Summary: Improves the robustness of attestation signing by hardening the fallback mechanism, ensuring miners can still attest even when primary signing fails.

What I like:

• Fallback mechanisms are critical for system reliability
• Attestation is core to RustChain's trust model

Suggestions:

1. Document the fallback signing path and its security properties
2. Add tests that simulate primary signing failure and verify fallback works
3. Consider whether fallback signatures should be distinguishable from primary ones
4. Ensure the fallback doesn't introduce a weaker security guarantee

Security considerations:

• Fallback paths are often where security weaknesses hide
• Ensure the fallback signing key has the same protection as the primary
• Consider whether fallback could be exploited to submit fraudulent attestations

Verdict: ✅ Good reliability improvement. Fallback hardening is important for production systems.

[jaxint]

Great work! Thanks for contributing.

[jaxint]

Thanks for the contribution! 🎉

[jaxint]

Thanks for this contribution! Great work.